Security Basics mailing list archives
Re: software security auditing in Linux-based systems
From: Chad Perrin <perrin () apotheon com>
Date: Thu, 3 Jul 2008 17:35:22 -0600
On Thu, Jul 03, 2008 at 02:52:46PM -0400, Jon Kibler wrote:
Chad Perrin wrote:After some cursory searching, and having used a few distributions for a few years, I haven't found any software vulnerability auditing software for any Linux distribution equivalent to FreeBSD's portaudit or NetBSD's audit-packages.I don't know a lot about the packages you have mentioned for BSD, but for Linux there is OVAL, Sussen and Bastille for starters.
Bastille is a "security hardening" tool -- not even close to the same thing. OVAL is basically another vuxml, as far as I'm aware -- which is great, but you still need tools based on it to actually do anything useful. I haven't heard of Sussen before, but as a cursory check I did an apt-cache search for it in Debian repositories. It doesn't appear to be there. Worse, I don't see any sign that it integrates with the software management system of any Linux distribution on the Sussen website[1]. Does it actually provide the sort of full, in-depth coverage for any OS in particular that portaudit does for FreeBSD, or is it a "best effort" third party thing that can't deal with OS-specific matters like, say, Secunia Personal Software Inspector? == [1]: http://www.lbtechservices.com/projects/sussen/ -- Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] The strength of any system is inversely proportional to the restrictions on the power of tools allowed to the general public by that system.
Attachment:
_bin
Description:
Current thread:
- software security auditing in Linux-based systems Chad Perrin (Jul 03)
- Re: software security auditing in Linux-based systems Jon Kibler (Jul 03)
- Re: software security auditing in Linux-based systems Chad Perrin (Jul 04)
- Re: software security auditing in Linux-based systems Gleb Paharenko (Jul 04)
- <Possible follow-ups>
- Re: software security auditing in Linux-based systems Chad Perrin (Jul 04)
- Re: software security auditing in Linux-based systems Jon Kibler (Jul 03)